Domain 6 Flashcards

1
Q

Security Assessment and Testing Programs

A

Provides a mechanism for validating the ongoing effectiveness of security controls with a variety of tools:
- Vuln assessments
- Pen test / software testing
- Audits
- Security management tasks

NOTE
Every org should have a security assessment and testing program defined and operational

2
Q

Assessment & Testing
Vulnerability Assessments

A

Automated tools that scan systems, applications and networks for known vulnerabilities
- Flaws may include missing patches, misconfigurations or faulty code that expose the org
- Results need validation: scanners report false positives and cannot prove a flaw is exploitable; that is what a penetration test adds

3
Q

Assessment & Testing
Penetration tests

A

Uses the same tools as vulnerability assessments but supplements them with attack techniques: an assessor actually attempts to exploit vulnerabilities and gain access to the system

Common strategies:
- War dialing - using a bank of modems to dial number ranges looking for answering modems
- Sniffing - capturing network traffic
- Eavesdropping
- Dumpster diving
- Social engineering

NOTE
Only performed with written authorization, an agreed scope and rules of engagement, since the assessor is deliberately attacking production systems

4
Q

Software testing
Static Software Testing

A

Evaluates the security of software without running it, by analyzing the source code or the compiled application

5
Q

Software testing
Dynamic Software Testing

A

Evaluates the software in a runtime environment
- Usually the only option for orgs deploying applications written by someone else, because it does not require the source code

6
Q

Fuzzing

A

Dynamic testing technique

Feeds modified or generated inputs to software to see how it behaves under unexpected circumstances
- Mutation fuzzing modifies known-good inputs to make a large number of synthetic inputs that may trigger unexpected behaviour (crashes, hangs, memory errors)
- Generational fuzzing develops inputs from a model or specification of the expected input format, so it reaches boundary cases that random mutation may miss
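As an added worked example, not part of the original flashcards, here are the two fuzzing styles side by side in Python against a small constructed parser: `mutation_fuzz` derives inputs from one known-good sample, `generational_fuzz` builds them from the format model, and both count only exceptions the parser does not document as a finding. The record format, the `parse_record` target and the bug it hides are all invented for the illustration.

```python
import random


class MalformedRecord(ValueError):
    """The parser's documented way of rejecting bad input; not a finding."""


def parse_record(data: bytes) -> int:
    """Constructed fuzz target: <n: 1 byte><n ASCII digits><checksum: 1 byte>,
    checksum = sum of body bytes mod 256. Returns the average digit value.
    It deliberately hides one bug (a zero-length body) for the fuzzers to find."""
    if len(data) < 2:
        raise MalformedRecord("too short")
    n = data[0]
    if len(data) != n + 2:
        raise MalformedRecord("length byte disagrees with record size")
    body, checksum = data[1:1 + n], data[1 + n]
    if any(b not in b"0123456789" for b in body):  # vacuously passes when n == 0
        raise MalformedRecord("non-digit in body")
    if sum(body) % 256 != checksum:
        raise MalformedRecord("bad checksum")
    digits = [b - ord("0") for b in body]
    return sum(digits) // len(digits)              # ZeroDivisionError when n == 0


def encode(body: bytes) -> bytes:
    """Build a well-formed record from a digit string (this is the format model)."""
    return bytes([len(body)]) + body + bytes([sum(body) % 256])


def run_one(data: bytes):
    """Return None if the target accepts or cleanly rejects the input,
    otherwise the unexpected exception (the equivalent of a crash in native code)."""
    try:
        parse_record(data)
    except MalformedRecord:
        return None
    except Exception as exc:
        return exc
    return None


def mutation_fuzz(seed_input: bytes, rounds: int, rng_seed: int = 1) -> dict:
    """Mutation fuzzing: derive many synthetic inputs from one known-good input."""
    if not seed_input:
        raise ValueError("seed input must not be empty")
    rng = random.Random(rng_seed)
    findings = {}                                   # exception name -> first input
    for _ in range(rounds):
        buf = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):          # a few mutations per round
            op = rng.choice(("flip", "set", "truncate", "insert"))
            if op == "flip":
                buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
            elif op == "set":
                buf[rng.randrange(len(buf))] = rng.choice((0, 1, 0x7F, 0xFF))
            elif op == "truncate" and len(buf) > 1:
                del buf[rng.randrange(1, len(buf)):]  # always keeps >= 1 byte
            else:
                buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        exc = run_one(bytes(buf))
        if exc is not None:
            findings.setdefault(type(exc).__name__, bytes(buf))
    return findings


def generational_fuzz(rng_seed: int = 1) -> dict:
    """Generational fuzzing: build inputs from the format model itself, aiming at
    boundary lengths, each with a correct and a corrupted checksum."""
    rng = random.Random(rng_seed)
    findings = {}
    for n in (0, 1, 2, 7, 254, 255):
        body = bytes(rng.choice(b"0123456789") for _ in range(n))
        good = encode(body)
        for data in (good, good[:-1] + bytes([good[-1] ^ 0xFF])):
            exc = run_one(data)
            if exc is not None:
                findings.setdefault(type(exc).__name__, data)
    return findings


if __name__ == "__main__":
    print("mutation:    ", mutation_fuzz(encode(b"12345"), 2000))
    print("generational:", generational_fuzz())
```

The generational fuzzer hits the zero-length boundary on its very first case because it knows the format; the mutation fuzzer has to stumble on a record truncated to two bytes whose length byte is also zero. That is the trade-off the card describes: a model of the input pays off for fixed-layout formats, while mutation is cheaper to set up when no model exists.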

7
Q

Security Management Oversight
Log Reviews

A

Regular review of logs, particularly those recording administrator (privileged) activity, to ensure systems are not being misused
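An added example, not from the original deck, of what a log review of administrator activity looks like when scripted: Python code that parses constructed sudo lines in the format sudo writes to syslog, and flags denied attempts, privilege use by accounts outside an assumed admin list, and sensitive commands even when an admin runs them. The hostname, usernames, admin list and sensitive-command list are all constructed for the illustration.

```python
from __future__ import annotations
import re

# Constructed sample lines in the format sudo logs to syslog/auth.log.
SAMPLE_LOG = [
    "Mar  3 02:14:07 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/syslog",
    "Mar  3 02:15:11 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow",
    "Mar  3 03:01:45 web01 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/useradd mallory",
    "Mar  3 09:30:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo bob",
    "Mar  3 09:31:40 web01 sshd[2210]: Accepted publickey for alice from 10.0.0.7 port 51022 ssh2",
]

ADMINS = {"alice"}  # assumed list of accounts approved for privileged use

# Commands an admin may legitimately run but a reviewer should always see.
SENSITIVE_PREFIXES = (
    "/usr/sbin/useradd", "/usr/sbin/usermod", "/usr/bin/passwd",
    "/usr/bin/cat /etc/shadow", "/usr/bin/vi /etc/sudoers",
)

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>command not allowed) ; )?"
    r"TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)


def review_sudo_log(lines, admins: set[str]) -> list[dict]:
    """Return one finding per (line, reason); lines that are not sudo records are skipped."""
    findings = []
    for line in lines:
        m = SUDO_RE.search(line)
        if not m:
            continue
        user, cmd = m["user"], m["cmd"].strip()
        reasons = []
        if m["denied"]:
            reasons.append("denied sudo attempt")
        elif user not in admins:
            reasons.append("privilege use by account not on the admin list")
        if cmd.startswith(SENSITIVE_PREFIXES):
            reasons.append("sensitive command")
        for reason in reasons:
            findings.append({"user": user, "target": m["target"], "cmd": cmd, "reason": reason})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Findings per user, the view a reviewer signs off on."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["user"]] = counts.get(f["user"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in review_sudo_log(SAMPLE_LOG, ADMINS):
        print(f"{f['user']:6} {f['reason']:48} {f['cmd']}")
    print(summarize(review_sudo_log(SAMPLE_LOG, ADMINS)))
```

Note that the admin's own `usermod -aG sudo bob` is reported even though alice is allowed to run it: the review is about whether privileged actions were appropriate, not only whether they were permitted.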

8
Q

Security Management Oversight
Account Management Reviews

A

Verify that only authorized users retain access to systems, and that the privileges they hold still match their current role (catches terminated users, orphaned accounts and privilege creep)
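An added example, not from the original deck, of the reconciliation an account management review performs: a Python function that compares an export of enabled system accounts against an authoritative HR roster and a role-to-group entitlement table, flagging accounts with no owner, owners who have left, group membership beyond the role, and dormant accounts. All accounts, roster entries, roles and the 90-day dormancy threshold are constructed for the illustration.

```python
from __future__ import annotations
from datetime import date, timedelta

# Constructed export from the system: (username, enabled, groups, last login ISO date or None)
SYSTEM_ACCOUNTS = [
    ("alice", True, {"users", "sudo"}, "2024-05-28"),
    ("bob", True, {"users"}, "2024-02-01"),
    ("carol", True, {"users", "sudo"}, "2024-05-30"),
    ("dave", True, {"users"}, "2024-05-29"),
    ("backup-svc", True, {"backup"}, None),
    ("mallory", True, {"users", "sudo"}, "2024-05-30"),
    ("erin", False, {"users", "sudo"}, "2023-01-10"),
]

# Constructed authoritative source: username -> (HR status, role)
HR_ROSTER = {
    "alice": ("active", "sysadmin"),
    "bob": ("active", "developer"),
    "carol": ("terminated", "sysadmin"),
    "dave": ("active", "developer"),
    "erin": ("terminated", "sysadmin"),
}
APPROVED_SERVICE_ACCOUNTS = {"backup-svc"}           # non-human accounts with a documented owner
ROLE_ENTITLEMENTS = {"sysadmin": {"users", "sudo"}, "developer": {"users"}}
DORMANT_AFTER = timedelta(days=90)                    # assumed policy threshold
REVIEW_DATE = date(2024, 6, 1)                        # constructed "today"


def review_accounts(accounts, roster, service_accounts, entitlements, today: date) -> list[tuple[str, str]]:
    """Return (username, reason) pairs a reviewer must act on."""
    findings = []
    for user, enabled, groups, last_login in accounts:
        if not enabled:
            continue                                  # already disabled; nothing to revoke
        if user in service_accounts:
            continue                                  # approved service account, reviewed separately
        if user not in roster:
            findings.append((user, "enabled account with no owner in the HR roster"))
            continue
        status, role = roster[user]
        if status != "active":
            findings.append((user, f"owner is {status} in HR but the account is still enabled"))
        excess = groups - entitlements.get(role, set())
        if excess:
            findings.append((user, f"groups beyond role '{role}' entitlement: {sorted(excess)}"))
        if last_login is None or today - date.fromisoformat(last_login) > DORMANT_AFTER:
            findings.append((user, f"dormant: no login within {DORMANT_AFTER.days} days"))
    return findings


if __name__ == "__main__":
    for user, reason in review_accounts(SYSTEM_ACCOUNTS, HR_ROSTER, APPROVED_SERVICE_ACCOUNTS,
                                        ROLE_ENTITLEMENTS, REVIEW_DATE):
        print(f"{user:12} {reason}")
```

The HR roster is treated as the source of truth and the system export as the thing under review; doing it the other way round (asking the system which accounts it thinks are valid) is how orphaned accounts survive review after review.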

9
Q

Security Management Oversight
Backup Verification

A

Considered the most important security management oversight task

Ensures the org's data protection process is functioning properly: backups must be tested by actually restoring them and comparing the result to the source, since a backup that has never been restored is of unknown value
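An added example, not from the original deck, of a scripted restore test: a Python script that records a SHA-256 manifest of the source files, writes them to an in-memory tar.gz "backup", restores it and reports files that are missing, corrupt (hash differs) or unexpected, and treats an unreadable archive as a failed backup rather than a crash. The file names, contents and the stale-backup scenario are constructed for the illustration.

```python
from __future__ import annotations
import hashlib
import io
import tarfile
import zlib

# Constructed source data (what the backup is supposed to protect).
SOURCE_FILES = {
    "etc/app.conf": b"listen=0.0.0.0:8443\n",
    "data/customers.db": bytes(range(256)) * 4,
    "data/ledger.csv": b"id,amount\n1,10.00\n2,25.50\n",
}

# Constructed failure scenario: a backup job that ran against an old copy of the data
# and silently skipped one file.
STALE_FILES = {
    "etc/app.conf": SOURCE_FILES["etc/app.conf"],
    "data/ledger.csv": b"id,amount\n1,10.00\n",
}


def manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Hash of every file; recorded at backup time and kept apart from the backup."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def make_backup(files: dict[str, bytes]) -> bytes:
    """Stand-in for the backup job: a gzip-compressed tar archive in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def restore(backup: bytes) -> dict[str, bytes]:
    """Stand-in for restoring to scratch storage."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(backup), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                out[member.name] = tar.extractfile(member).read()
    return out


def verify_backup(backup: bytes, expected: dict[str, str]) -> dict[str, list[str]]:
    """The restore test: a backup is good only if it restores to the recorded hashes."""
    try:
        restored = restore(backup)
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return {"unreadable": [str(exc)], "missing": sorted(expected), "corrupt": [], "extra": []}
    actual = manifest(restored)
    return {
        "unreadable": [],
        "missing": sorted(n for n in expected if n not in actual),
        "corrupt": sorted(n for n in expected if n in actual and actual[n] != expected[n]),
        "extra": sorted(n for n in actual if n not in expected),
    }


def is_good(report: dict[str, list[str]]) -> bool:
    return not any(report.values())


if __name__ == "__main__":
    expected = manifest(SOURCE_FILES)
    print("current backup:", verify_backup(make_backup(SOURCE_FILES), expected))
    print("stale backup:  ", verify_backup(make_backup(STALE_FILES), expected))
    print("garbage:       ", verify_backup(b"not a backup", expected))
```

Size-on-disk and "job completed" status, the two things backup dashboards usually show, would report the stale backup as a success; only the restore-and-compare step exposes the missing database and the truncated ledger.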

10
Q

Security Management Oversight
Key Performance and Risk Indicators

A

Provide a high-level view of the security program's effectiveness (KPIs measure how well controls and processes are performing; KRIs measure how exposed the org is to risk)
